EP0813723B1 - Chip card with protected operating system - Google Patents
Chip card with protected operating system
- Publication number
- EP0813723B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- chip card
- operating system
- adr
- command
- processor
- Prior art date
- Legal status
- Revoked
Classifications
- G—PHYSICS
  - G07—CHECKING-DEVICES
    - G07F—COIN-FREED OR LIKE APPARATUS
      - G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
        - G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
          - G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
            - G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q20/00—Payment architectures, schemes or protocols
        - G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
          - G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
            - G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
            - G06Q20/355—Personalisation of cards for use
              - G06Q20/3552—Downloading or loading of personalisation data
              - G06Q20/3558—Preliminary personalisation for transfer to user
            - G06Q20/357—Cards having a plurality of specified features
              - G06Q20/3576—Multiple memory zones on card
Description
Chip cards are used to a rapidly increasing extent in the most diverse areas of daily life. Accordingly, very large quantities of them are in circulation. Usually a variety of measures are provided in order to avoid financial loss, in particular for the respective cardholder, after the chip card has been issued, i.e. during normal use. For example, after a card is lost, at least unauthorized use of the card by arbitrary third parties must be prevented.
Because of the increasing volume in circulation, however, measures must also be provided to protect larger quantities of cards in particular before their individual issue to end customers. For example, cards are shipped, possibly in very large quantities, from a card manufacturer to a distributor of cards, e.g. to a financial institution. This route is comparable to the transport of large amounts of money between banks, and is correspondingly at risk.
In JP 62-221 089, a block on a chip card is lifted at initialization by reading in a data code and comparing it with a corresponding data code stored on the chip card. Only if the code stored on the chip card matches the code to be entered by the user is the card released for initialization. A comparison therefore takes place. The data code used for the comparison is already contained on the card.
In the chip card of JP 61-235 994, user-specific data are entered by a user during an initialization. The chip card contains two different command sets. The first command set enables the initialization to be carried out. After successful completion of the initialization, the second command set is activated in place of the first by setting a so-called "end flag".
This releases the chip card for further use by the user.
A chip card according to the preamble of Claim 1 can be found in EP-A-540 095.
The object of the invention is to specify protection for a chip card that is already effective in the intermediate phase between its manufacture and its transfer into normal use. In particular, it should be ruled out that, e.g., the program code applied to the chip card during manufacture, and especially the operating system code, can be inspected or changed in an unauthorized or unprofessional manner.
The object is achieved with the chip card specified in Claim 1. The internal processor and a non-volatile program memory, which serves to hold an operating system for operating the processor and, via the processor, any further functional elements of the chip card, such as the power supply, the data interface for exchanging data between the chip card and external read-write stations and the like, are coordinated with one another such that, after its manufacture, the chip card can execute only one command instruction when it is first brought into data connection with a read-write station. This command instruction effects the reloading of an operating-system-specific command table into the non-volatile memory of the processor. Only after this load operation has been completed successfully is it possible to assign further user command instructions, in particular those supplied to the chip card via external read-write stations, to the respective parts of the operating system provided for their execution. The execution of the command instructions belonging to the proper functioning of the chip card, with respect to all operations that are possible during normal use, is therefore only possible after the command table has been incorporated.
This design offers the advantage that even very large quantities of freshly manufactured chip cards may be almost completely unusable. Instead, each individual chip card is made ready for use separately, usually only immediately before it is handed over to the authorized end user. Newly manufactured chip cards whose non-volatile memory or other memory areas do contain the coding of the successive operating system command instructions are nevertheless not functional because, owing to the missing command table, incoming user command instructions cannot be identified, and the operating system part or parts required for their execution cannot be activated because the associated branch addresses are not present. In practice, with a reasonable expenditure of time and resources, it is almost impossible to reconstruct the functional structure of the operating system by reverse engineering in such a way that the parts belonging to the execution of individual user command instructions, and their possible interactions, become accessible in the form of entry addresses.
The design of a chip card according to the invention offers the advantage that, before its authorization by reloading the command table, which usually takes place immediately before transfer into the control of the new owner, the chip card is protected against almost every kind of unauthorized use, without costly measures having to be provided in the hardware or software of the chip card that would make the manufacture of the chip card more expensive and possibly restrict its usability. On the one hand, it is possible in a simple manner to equip the chip card so that the load command for the command table is the only executable command. On the other hand, reloading the command table poses no data-handling problems for an institution, such as a bank, that is authorized to possess the code of the command table. During this process, if required, any further data that individualize the respective chip card, e.g. with respect to the new user, can be transferred at the same time.
In addition to preventing unauthorized use of chip cards before their transfer into normal use, the invention also prevents the program code applied to the chip card during manufacture, in particular the operating system code, from being inspected in an unauthorized manner or changed in an unauthorized or unprofessional manner during this intermediate phase.
According to an advantageous further embodiment of the invention, additional means may be present which effect a transfer of the command table in cryptologically encrypted form. During the load process, the sequences of the transmitted code instructions of the command table can then indeed be eavesdropped. Nevertheless, the command table does not thereby fall into the hands of possibly unauthorized persons in plaintext. Advantageously, the cryptological encryption is protected by means of a so-called checksum.
The invention is explained in more detail below with reference to the exemplary embodiment shown in the figure.
On the right-hand side of the figure, a section of the sequence of successive instructions of the operating system code BSC is shown by way of example in illustrative tabular form. The table is to be thought of as continuing both upwards and downwards. The section shows by way of example a preceding entry address adr k-1 and a subsequent entry address adr k. The line of operating system command code assigned to one of these entry addresses, together with the lines of operating system command code that follow it up to the next entry address, forms a group that effects the execution of a particular user command.
In the example of the figure, a current user command AWB x is supplied to the chip card, preferably from an external read-write station. This command is to be executed by the operating system. For this, a command table KTB is needed, which in effect constitutes a key that enables access to the functional subunits of the operating system BSC. By way of example, each line of the command table KTB consists of a first code part bic k, which serves to interpret the current user command AWB x, i.e. to recognize its type, and of a second code part adr k, which contains the start address of the associated operating system command sequence. The command table KTB thus consists of a first partial table BIT, which contains the codes bic 1, bic 2, bic 3 ... bic k ... bic n-1, bic n serving for command interpretation, and of a second partial table BSC, which contains the associated entry addresses adr 1, adr 2, adr 3 ... adr k ... adr n-1, adr n of the corresponding operating system sequences.
In the example shown in the figure, a user command designated AWB x is supplied to the chip card. It is recognized as a permissible command by the coding bic k, which is shown in the figure by a dashed line on the left-hand side of the command table KTB. The associated entry address adr k is now activated, and thereby the code of the operating system BSC is executed starting at the entry address adr k. In the figure, the call of the operating system sequence belonging to the user command AWB x is shown by an arrow SBS running from the corresponding cell of the command table KTB to the entry address adr k.
From the example of the figure it can be seen that without the bridging function of a command table KTB no user command AWB x can be executed, since it cannot be assigned to the associated part of the operating system. The configuration of the chip card according to the invention thus represents extremely effective protection against unauthorized use of freshly manufactured chip cards.
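The gating described above (only the table-load command runs on a fresh card; every other command needs the bridge bic k -> adr k; the table travels encrypted and checksum-protected) as an added C simulation. This is not the patent's or any manufacturer's code: the names, the use of ISO 7816-4 status words as return codes, the two-byte table line layout, the one-shot load rule, and the repeating-key XOR and Fletcher-16 stand-ins for the cipher and the checksum are all assumptions.

```c
/* Simulation of the "load the command table first" gating described in the
 * patent text. Added example, not the patent's own code: all names, the use
 * of ISO 7816-4 status words as return codes, the table layout, and the XOR
 * and Fletcher-16 stand-ins for the cipher and the checksum are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BSC_LEN      8     /* lines of operating-system code, addressed 0..7 */
#define KTB_MAX      8     /* maximum lines (bic k, adr k) in the command table KTB */
#define INS_LOAD_KTB 0xA0  /* the only command executable before the table is loaded */

/* ISO 7816-4 status words reused as return codes. */
#define SW_OK           0x9000
#define SW_SECURITY     0x6982  /* security status not satisfied */
#define SW_WRONG_DATA   0x6A80  /* incorrect data in the command payload */
#define SW_INS_NOT_SUPP 0x6D00  /* instruction code not supported */

typedef uint16_t (*bsc_seq_t)(uint8_t *resp, size_t *resp_len);

/* Operating-system sequences that begin at an entry address adr k (constructed). */
static uint16_t seq_get_version(uint8_t *r, size_t *n) { r[0] = 1; r[1] = 0; *n = 2; return SW_OK; }
static uint16_t seq_read_balance(uint8_t *r, size_t *n) { r[0] = 0x00; r[1] = 0x2A; *n = 2; return SW_OK; }

/* BSC: the code is present from manufacture, but only some lines are entry points. */
static const bsc_seq_t bsc[BSC_LEN] = {
    NULL, NULL, seq_get_version, NULL, NULL, seq_read_balance, NULL, NULL };

typedef struct { uint8_t bic; uint8_t adr; } ktb_line_t;  /* one line: bic k, adr k */

typedef struct {
    ktb_line_t ktb[KTB_MAX];
    size_t     ktb_len;
    int        ktb_loaded;  /* 0 as manufactured: no user command can be assigned */
} card_t;

static const uint8_t transport_key[4] = { 0x5A, 0xC3, 0x96, 0x0F };  /* constructed */

/* Stand-in for the cryptological transform: repeating-key XOR (toy; a real card
 * uses a proper cipher). The same function encrypts and decrypts. */
static void xor_transform(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] ^= transport_key[i % sizeof transport_key];
}

/* Fletcher-16 over the plaintext table; stands in for the patent's checksum. */
static uint16_t fletcher16(const uint8_t *d, size_t len) {
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < len; i++) { a = (a + d[i]) % 255; b = (b + a) % 255; }
    return (uint16_t)((b << 8) | a);
}

void card_init(card_t *c) { memset(c, 0, sizeof *c); }

/* Load command: payload = XOR(table || fletcher16(table)), table = bic,adr pairs. */
static uint16_t load_ktb(card_t *c, const uint8_t *payload, size_t len) {
    uint8_t buf[KTB_MAX * 2 + 2];
    if (c->ktb_loaded) return SW_SECURITY;          /* one-shot load (assumed) */
    if (len < 4 || len > sizeof buf || (len - 2) % 2) return SW_WRONG_DATA;
    memcpy(buf, payload, len);
    xor_transform(buf, len);                        /* recover plaintext on-card */
    size_t tlen = len - 2;
    uint16_t sum = (uint16_t)((buf[tlen] << 8) | buf[tlen + 1]);
    if (sum != fletcher16(buf, tlen)) return SW_WRONG_DATA;  /* garbled or tampered */
    for (size_t i = 0; i < tlen; i += 2) {          /* every adr k must be a real entry point */
        if (buf[i + 1] >= BSC_LEN || bsc[buf[i + 1]] == NULL) return SW_WRONG_DATA;
        c->ktb[i / 2].bic = buf[i];
        c->ktb[i / 2].adr = buf[i + 1];
    }
    c->ktb_len = tlen / 2;
    c->ktb_loaded = 1;
    return SW_OK;
}

/* Entry point for every command the read-write station sends to the card. */
uint16_t card_process(card_t *c, uint8_t ins, const uint8_t *payload, size_t len,
                      uint8_t *resp, size_t *resp_len) {
    *resp_len = 0;
    if (ins == INS_LOAD_KTB) return load_ktb(c, payload, len);
    if (!c->ktb_loaded) return SW_INS_NOT_SUPP;     /* no bridge KTB: nothing can dispatch */
    for (size_t k = 0; k < c->ktb_len; k++)         /* AWB x -> bic k -> adr k (arrow SBS) */
        if (c->ktb[k].bic == ins) return bsc[c->ktb[k].adr](resp, resp_len);
    return SW_INS_NOT_SUPP;
}

/* Issuer side (e.g. the bank holding the table): build the protected load payload. */
size_t build_load_payload(const ktb_line_t *lines, size_t n, uint8_t *out) {
    size_t tlen = n * 2;
    for (size_t i = 0; i < n; i++) { out[2 * i] = lines[i].bic; out[2 * i + 1] = lines[i].adr; }
    uint16_t sum = fletcher16(out, tlen);
    out[tlen] = (uint8_t)(sum >> 8);
    out[tlen + 1] = (uint8_t)sum;
    xor_transform(out, tlen + 2);
    return tlen + 2;
}
```

A payload whose ciphertext was altered in transit fails the checksum and leaves the card in its unusable as-manufactured state, which is the intended failure mode.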
Claims (3)
- Chip card, having at least one internal processor and one non-volatile program memory for an operating system (BSC) of the processor, characterized in that, after its manufacture and a first data-handling connection to a read-write station, the chip card can execute only the at least one command instruction which effects the reloading of a command table (KTB) specific to the operating system into the non-volatile program memory of the processor, whereby the assignment (adr1 ... adr k ... adr n) of user command instructions (AWBx) to the parts of the operating system (BSC) respectively executing them is established.
- Chip card according to Claim 1, there being means which effect a transfer of the command table (KTB) in a cryptologically encoded form.
- Chip card according to Claim 2, the cryptological encoding being effected by means of a checksum.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19508724 | 1995-03-10 | ||
DE19508724A DE19508724C1 (en) | 1995-03-10 | 1995-03-10 | Smart card with protected operating system |
PCT/DE1996/000399 WO1996028795A1 (en) | 1995-03-10 | 1996-03-06 | Chip card with protected operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
EP0813723A1 EP0813723A1 (en) | 1997-12-29 |
EP0813723B1 true EP0813723B1 (en) | 1998-09-02 |
Family
ID=7756356
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP96905687A Revoked EP0813723B1 (en) | 1995-03-10 | 1996-03-06 | Chip card with protected operating system |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP0813723B1 (en) |
CN (1) | CN1176701A (en) |
AT (1) | ATE170647T1 (en) |
DE (2) | DE19508724C1 (en) |
DK (1) | DK0813723T3 (en) |
ES (1) | ES2120809T3 (en) |
NO (1) | NO974055L (en) |
WO (1) | WO1996028795A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19705615A1 (en) * | 1997-02-14 | 1998-06-04 | Dirk Prof Dr Ing Jansen | Chip-card for measuring and displaying temperature e.g. for monitoring foodstuffs cooling chain during transportation |
US6317832B1 (en) | 1997-02-21 | 2001-11-13 | Mondex International Limited | Secure multiple application card system and process |
US6230267B1 (en) | 1997-05-15 | 2001-05-08 | Mondex International Limited | IC card transportation key set |
US6357665B1 (en) | 1998-01-22 | 2002-03-19 | Mondex International Limited | Configuration of IC card |
DE69932412T2 (en) * | 1998-02-06 | 2007-02-22 | Mondex International Ltd. | SMART CARD CONFIGURATION |
DE19822220B4 (en) * | 1998-05-18 | 2018-01-25 | Giesecke+Devrient Mobile Security Gmbh | Access-protected disk |
DE19841676A1 (en) * | 1998-09-11 | 2000-03-16 | Giesecke & Devrient Gmbh | Access protected data carrier with semiconductor chip, has operation which is modified prior to its execution, and is supplied with modified input data |
DE19845582A1 (en) * | 1998-10-02 | 2000-04-06 | Ibm | Simplified use of a chip card |
DE19950118C2 (en) * | 1999-10-18 | 2002-03-07 | Texas Instruments Deutschland | Method for preventing unauthorized access to a memory |
FR2840428B1 (en) * | 2002-05-30 | 2004-08-20 | Gemplus Card Int | SECURE METHOD FOR DEPLOYING A COMPUTER PROGRAM ON SEPARATE INFORMATION MEDIA |
JP4828809B2 (en) * | 2003-12-10 | 2011-11-30 | 株式会社東芝 | IC card and processing method in IC card |
CN1315095C (en) * | 2004-03-09 | 2007-05-09 | 上海华虹集成电路有限责任公司 | Method for configuring smart cards |
DE102006042723A1 (en) * | 2006-09-12 | 2008-03-27 | Vodafone Holding Gmbh | Chip card and method for software-based modification of a chip card |
DE102008036873A1 (en) * | 2008-08-07 | 2010-02-11 | Giesecke & Devrient Gmbh | Memory management in a portable volume |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3833241A1 (en) * | 1988-09-30 | 1990-04-05 | Deutsche Bundespost | METHOD FOR PROGRAMMING CHIP CARDS |
FR2683357A1 (en) * | 1991-10-30 | 1993-05-07 | Philips Composants | MICROCIRCUIT FOR PROTECTED PROGRAMMABLE MEMORY CHIP CARD. |
- 1995
  - 1995-03-10 DE DE19508724A patent/DE19508724C1/en not_active Revoked
- 1996
  - 1996-03-06 DE DE59600517T patent/DE59600517D1/en not_active Expired - Fee Related
  - 1996-03-06 WO PCT/DE1996/000399 patent/WO1996028795A1/en not_active Application Discontinuation
  - 1996-03-06 DK DK96905687T patent/DK0813723T3/en active
  - 1996-03-06 CN CN96192241A patent/CN1176701A/en active Pending
  - 1996-03-06 EP EP96905687A patent/EP0813723B1/en not_active Revoked
  - 1996-03-06 ES ES96905687T patent/ES2120809T3/en not_active Expired - Lifetime
  - 1996-03-06 AT AT96905687T patent/ATE170647T1/en not_active IP Right Cessation
- 1997
  - 1997-09-03 NO NO974055A patent/NO974055L/en unknown
Also Published As
Publication number | Publication date |
---|---|
CN1176701A (en) | 1998-03-18 |
NO974055D0 (en) | 1997-09-03 |
ES2120809T3 (en) | 1998-11-01 |
WO1996028795A1 (en) | 1996-09-19 |
NO974055L (en) | 1997-11-10 |
ATE170647T1 (en) | 1998-09-15 |
DE59600517D1 (en) | 1998-10-08 |
DE19508724C1 (en) | 1996-10-31 |
EP0813723A1 (en) | 1997-12-29 |
DK0813723T3 (en) | 1999-06-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0813723B1 (en) | | Chip card with protected operating system |
DE3044463C2 (en) | | |
DE19633466C2 (en) | | Post-initialization of chip cards |
EP0766211A2 (en) | | Multifunctional IC-card |
DE69100836T2 (en) | | Method and device for increasing the protection of a memory card. |
DE3103514A1 (en) | | METHOD AND DEVICE FOR CONTROLLING A SECURED TRANSACTION |
DE69316576T2 (en) | | IC card with age-protected data and programs |
EP0805607B1 (en) | | Method for accessing at least a part of the data of a microprocessor card |
DE2734456A1 (en) | | DATA SCANNING SYSTEM FOR DETERMINING THE VALIDITY OF A RECORDING MEDIUM |
EP1192548A1 (en) | | Method for accessing a memory and memory device therefor |
EP0224639B1 (en) | | Method to control the memory access of an ic card and implementing device |
DE3318101A1 (en) | | CIRCUIT ARRANGEMENT WITH A STORAGE AND ACCESS CONTROL UNIT |
DE10324337B4 (en) | | Computer system and associated method for performing a safety program |
EP0127809B1 (en) | | Circuit arrangement comprising a memory and an access control unit |
EP0280035A2 (en) | | Method for the programme securing and for integrity checking of a secured programme |
DE69101099T2 (en) | | Method for confirming secret codes in memory cards. |
DE69801679T2 (en) | | SECURE STORAGE MANAGEMENT PROCEDURE |
DE1180171B (en) | | Number calculator |
EP0813722B1 (en) | | Licence-card-controlled chip card system |
EP0977160B1 (en) | | Method and data processing device for the reliable execution of instructions |
DE10141926B4 (en) | | Method for backing up the data of a data storage device |
DE69506789T2 (en) | | Memory card and procedure for managing consecutive entries |
EP1118065B1 (en) | | Circuit and method for authenticating the content of a memory location |
WO1998039743A2 (en) | | Method for carrying out modifications in authorization data sets |
DE102023102691A1 (en) | | Method for writing data to an IC and system for carrying out the method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 19970902 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT CH DE DK ES FI FR GB IT LI NL PT SE |
| GRAG | Despatch of communication of intention to grant | Free format text: ORIGINAL CODE: EPIDOS AGRA |
| GRAG | Despatch of communication of intention to grant | Free format text: ORIGINAL CODE: EPIDOS AGRA |
| GRAH | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOS IGRA |
| 17Q | First examination report despatched | Effective date: 19980127 |
| GRAH | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOS IGRA |
| GRAA | (expected) grant | Free format text: ORIGINAL CODE: 0009210 |
| AK | Designated contracting states | Kind code of ref document: B1 Designated state(s): AT CH DE DK ES FI FR GB IT LI NL PT SE |
| REF | Corresponds to: | Ref document number: 170647 Country of ref document: AT Date of ref document: 19980915 Kind code of ref document: T |
| REG | Reference to a national code | Ref country code: CH Ref legal event code: NV Representative's name: SIEMENS SCHWEIZ AG Ref country code: CH Ref legal event code: EP |
| REF | Corresponds to: | Ref document number: 59600517 Country of ref document: DE Date of ref document: 19981008 |
| REG | Reference to a national code | Ref country code: ES Ref legal event code: FG2A Ref document number: 2120809 Country of ref document: ES Kind code of ref document: T3 |
| ET | Fr: translation filed | |
| GBT | Gb: translation of ep patent filed (gb section 77(6)(a)/1977) | Effective date: 19981105 |
| REG | Reference to a national code | Ref country code: PT Ref legal event code: SC4A Free format text: AVAILABILITY OF NATIONAL TRANSLATION Effective date: 19981202 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DK Payment date: 19990309 Year of fee payment: 4 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: SE Payment date: 19990319 Year of fee payment: 4 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FR Payment date: 19990323 Year of fee payment: 4 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: ES Payment date: 19990325 Year of fee payment: 4 |
| PLBI | Opposition filed | Free format text: ORIGINAL CODE: 0009260 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: DE Payment date: 19990520 Year of fee payment: 4 |
| REG | Reference to a national code | Ref country code: DK Ref legal event code: T3 |
| 26 | Opposition filed | Opponent name: GIESECKE & DEVRIENT GMBH Effective date: 19990505 |
| PLBF | Reply of patent proprietor to notice(s) of opposition | Free format text: ORIGINAL CODE: EPIDOS OBSO |
| PLBF | Reply of patent proprietor to notice(s) of opposition | Free format text: ORIGINAL CODE: EPIDOS OBSO |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: FI Payment date: 20000210 Year of fee payment: 5 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: PT Payment date: 20000225 Year of fee payment: 5 |
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] | Ref country code: AT Payment date: 20000301 Year of fee payment: 5 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000306 Ref country code: DK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000306 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: SE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000307 Ref country code: ES Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000307 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000331 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20000331 |
| PLBF | Reply of patent proprietor to notice(s) of opposition | Free format text: ORIGINAL CODE: EPIDOS OBSO |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: NL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20001001 |
| GBPC | Gb: european patent ceased through non-payment of renewal fee | Effective date: 20000306 |
| EUG | Se: european patent has lapsed | Ref document number: 96905687.8 |
| REG | Reference to a national code | Ref country code: DK Ref legal event code: EBP |
| REG | Reference to a national code | Ref country code: CH Ref legal event code: PL |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20001130 |
| NLV4 | Nl: lapsed or annulled due to non-payment of the annual fee | Effective date: 20001001 |
| REG | Reference to a national code | Ref country code: FR Ref legal event code: ST |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20010103 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: FI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20010306 Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20010306 |
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] | Ref country code: PT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20010930 |
| REG | Reference to a national code | Ref country code: ES Ref legal event code: FD2A Effective date: 20011010 |
| REG | Reference to a national code | Ref country code: PT Ref legal event code: MM4A Free format text: LAPSE DUE TO NON-PAYMENT OF FEES Effective date: 20010930 |
| RDAH | Patent revoked | Free format text: ORIGINAL CODE: EPIDOS REVO |
| RDAG | Patent revoked | Free format text: ORIGINAL CODE: 0009271 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: PATENT REVOKED |
| 27W | Patent revoked | Effective date: 20020322 |
| REG | Reference to a national code | Ref country code: PT Ref legal event code: MF4A Effective date: 20020920 |